|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [qemu-upstream-unstable] qcow2: Prevent numerical overflow
commit 1e85e69fd6972d1990c6309dfa273ccd8b12d92a
Author: Max Reitz <mreitz@xxxxxxxxxx>
AuthorDate: Tue Dec 2 18:32:50 2014 +0100
Commit: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
CommitDate: Sun Feb 22 12:09:44 2015 -0600
qcow2: Prevent numerical overflow
In qcow2_alloc_cluster_offset(), *num is limited to
INT_MAX >> BDRV_SECTOR_BITS by all callers. However, since remaining is
of type uint64_t, we might as well cast *num to that type before
performing the shift.
Cc: qemu-stable@xxxxxxxxxx
Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
(cherry picked from commit 11c89769dc3e638ef72915d97058411ddf79b64b)
Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
---
block/qcow2-cluster.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index df0b2c9..1fea514 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1263,7 +1263,7 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs,
uint64_t offset,
again:
start = offset;
- remaining = *num << BDRV_SECTOR_BITS;
+ remaining = (uint64_t)*num << BDRV_SECTOR_BITS;
cluster_offset = 0;
*host_offset = 0;
cur_bytes = 0;
--
generated by git-patchbot for /home/xen/git/qemu-upstream-unstable.git
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |